OpenSSL Notes

無 CA 產生 SSL 憑證 openssl genrsa -out server.key 512 openssl req -new -x509 -days 3650 -key server.key -out server.crt 建立 CA 修改 /etc/ssl/openssl.cnf 建立目錄結構 md demoCA demoCA/newcerts demoCA/private touch demoCA/index.txt echo 01 > demoCA/serial 產生 CA 私鑰 openssl genrsa -out demoCA/private/cakey.pem 4096 自行簽發 CA 證書 openssl req -new -x509 -days 3650 -key demoCA/private/cakey.pem -out demoCA/cacert.pem 用 CA 簽發 Server 證書 在 Server 上 產生 Server 私鑰 openssl genrsa -out

Nginx Config Notes

產生 SSL 憑證 openssl genrsa -out server.key 512 openssl req -new -key server.key -out server.csr openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt SSL + Spdy server { listen 443 ssl spdy; ssl_certificate server.crt; ssl_certificate_key server.key; } Reverse proxy server { location /WebApp- { rewrite ^/WebApp-[^/]*/(.*)$ /WebApp/$1 redirect; } location = /WebApp { rewrite ^ /WebApp/ redirect; } location /WebApp/ { set $ver 1.0-SNAPSHOT-20131127-1412; rewrite ^/WebApp/(.*)$ /WebApp-$ver/$1